Windows Security Renewal Description
Windows Security Renewal is one of the dozens of variants of the infamous FakeVimes family of malware. These fake security programs have been active since 2009. However, since early 2012, there have been numerous reports of FakeVimes-related outbreaks all around the world. This comeback may be due to the malware now associated with the family: although the FakeVimes rogue security programs themselves have not changed much since 2009, in 2012 criminals started bundling these bogus anti-virus programs with a variant of the Sirefef family of rootkits. This makes Windows Security Renewal and its many clones particularly resistant to detection and removal. To remove Windows Security Renewal, ESG security analysts strongly recommend the use of an anti-rootkit tool coupled with an advanced anti-malware application. Clones of Windows Security Renewal include programs with names like Windows Security System, Windows Virtual Firewall and Windows Home Patron.
Windows Security Renewal is designed to carry out a common online scam: while posing as a legitimate security program, it tries to persuade its victims that their PCs are infected with all kinds of harmful malware. However, any attempt to use Windows Security Renewal to fix these supposed malware infections will result in error messages claiming that an expensive ‘upgrade’ for Windows Security Renewal is needed in order to handle this nonexistent problem. Since Windows Security Renewal has no actual way of detecting or removing malware and is itself a malware threat, ESG security analysts recommend against paying for Windows Security Renewal and recommend its immediate removal. Windows Security Renewal will harass its victims constantly with alarming error messages, browser redirects, and a variety of other symptoms.
Getting Rid of a Windows Security Renewal Infection
Manual removal of Windows Security Renewal is definitely not recommended, especially because malware in the Sirefef family can reinstall itself if removed incorrectly and can even irrevocably damage your operating system due to the sensitive areas that are infected. Instead, an advanced anti-malware tool should be used to take care of a Windows Security Renewal infection. The registration code 0W000-000B0-00T00-E0020 can help you stop many of Windows Security Renewal’s irritating behaviors in order to facilitate removal, although the use of this code should not be considered as an effective or permanent solution to a Windows Security Renewal infection.
Type: Rogue AntiSpyware Programs
Windows Security Renewal Removal Details
Windows Security Renewal typically has the following processes in memory:
Windows Security Renewal creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunInspector %AppData%\Protector-[rnd].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE